I'm just in some need of all around help. :S [RESOLVED]
Post #1, Jun 23 2007, 12:44 AM
Member, Posts: 268, OS: xp
Logfile of HijackThis v1.99.1
Scan saved at 1:42:00 AM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\nick\Desktop\programs\HijackThis.exe

O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [F5D9010] C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: smss.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\nick\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\nick\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Program Files\crazyvegasMPP\MPPoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CFFA044-463C-4E0C-BE7B-710A192210E6}: NameServer = 207.69.188.187 207.69.188.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282 (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Post #2, Jun 30 2007, 03:07 PM
Member, Posts: 268, OS: xp
Um, bump?

Post #3, Jun 30 2007, 03:28 PM
Malware Expert, Posts: 7,416, From: Omaha, NE, USA, OS: Windows Vista Ultimate
Try looking through the forums here, you'll probably find one called The Waiting Room.

Post #4, Jun 30 2007, 04:15 PM
Member, Posts: 268, OS: xp
Completely forgot about that, thank you.

Post #5, Jul 1 2007, 04:43 AM
Global Moderator, Posts: 9,250, From: Darkest Cornwall, OS: Vista Ultimate
Sorry for the delay
Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart).
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
Then please post a new HijackThis log.

Post #6, Jul 2 2007, 10:53 AM
Member, Posts: 268, OS: xp
Logfile of HijackThis v1.99.1
Scan saved at 11:52:59 AM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\mason\mirc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\nick\Desktop\programs\HijackThis.exe

O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [F5D9010] C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: smss.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\nick\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\nick\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Crazy Poker - {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} - C:\Program Files\crazyvegasMPP\MPPoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CFFA044-463C-4E0C-BE7B-710A192210E6}: NameServer = 207.69.188.187 207.69.188.186
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282 (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Post #7, Jul 2 2007, 02:24 PM
Global Moderator, Posts: 9,250, From: Darkest Cornwall, OS: Vista Ultimate
OK, they did not appear to work, so we shall do it the hard way.
FIRST Download ComboFix from Here or Here to your Desktop.
THEN Download WinPFind3u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
Logs required are combofix and winpfind. You may require multiple posts.

Post #8, Jul 2 2007, 04:11 PM
Member, Posts: 268, OS: xp
ComboFix 07-06-18.2 - C:\Documents and Settings\nick\Desktop\ComboFix.exe
"nick" - 2007-07-02 16:53:12 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\{3443B~1\system.dll
C:\Program Files\Common Files\{3443B~2
C:\Program Files\Common Files\{3443B~2\system.dll
C:\Program Files\ipwindows
C:\Program Files\ipwindows\Uninst.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\taskkill.com

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CLIENT_IP-IPX
-------\Client IP-IPX

((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))

2007-07-02 16:52 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-19 20:20 <DIR> d-------- C:\Program Files\mason
2007-06-17 22:04 <DIR> d-------- C:\Program Files\FrostWire
2007-06-17 22:04 <DIR> d-------- C:\DOCUME~1\nick\APPLIC~1\FrostWire
2007-06-17 21:30 <DIR> d-------- C:\Program Files\iPod
2007-06-17 21:15 <DIR> d-------- C:\Program Files\QuickTime
2007-06-13 14:17 40,960 --a------ C:\WINDOWS\system32\F5D9010.dll
2007-06-13 14:17 36,864 --a------ C:\WINDOWS\system32\ss.dll
2007-06-13 14:17 352,768 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2007-06-13 14:17 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-13 14:17 19,968 --a------ C:\WINDOWS\system32\drivers\ss.sys
2007-06-13 14:17 <DIR> d-------- C:\Program Files\Belkin

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 06:34:18 -------- d-----w C:\Program Files\mIRC
2007-06-24 16:52:54 -------- d-----w C:\Program Files\Full Tilt Poker.Net
2007-06-22 03:21:31 -------- d-----w C:\Program Files\AIM6
2007-06-20 00:16:21 -------- d-----w C:\DOCUME~1\nick\APPLIC~1\Shareaza
2007-06-18 02:31:12 -------- d-----w C:\Program Files\iTunes
2007-06-18 02:10:09 -------- d-----w C:\Program Files\Apple Software Update
2007-06-15 04:40:31 -------- d-----w C:\Program Files\Holdem Indicator
2007-05-22 07:14:05 -------- d-----w C:\Program Files\Winamp
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-03 07:09:41 -------- d-----w C:\DOCUME~1\nick\APPLIC~1\Apple Computer
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-05-02 09:31]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-06-26 11:53]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 16:41 C:\WINDOWS\AGRSMMSG.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-22 18:05]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 09:57]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 15:02]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"smss"="" []
"F5D9010"="C:\Program Files\Belkin\F5D9010\Belkinwcui.exe" [2006-03-14 16:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-01-24 14:37]
"Utopia Angel"="C:\Utopia\Angel\Angel.exe" [2007-06-28 08:24]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29]
"smss"="" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=WIKI.DLL

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2007-06-16 18:53:11 C:\WINDOWS\tasks\1-Click Maintenance.job
2007-07-02 02:10:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-02 22:03:49 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 17:00:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 17:04:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-02 17:04
--- E O F ---

Post #9, Jul 2 2007, 04:21 PM
Member, Posts: 268, OS: xp
WinPFind3 logfile created on: 7/2/2007 5:13:10 PM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\nick\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

445.48 Mb Total Physical Memory | 119.25 Mb Available Physical Memory | 26.77% Memory free
1.03 Gb Paging File | 0.79 Gb Available in Paging File | 76.93% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 10.65 Gb Free Space | 28.59% Space Free
Drive D: | 49.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
Drive E: | 587.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded

Computer Name: NICK-HHR15K7VUP
Current User Name: nick
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.36 2.1.36 11/19/2003 15:41:01 | Size = 88363 bytes | Modified Date = 11/19/2003 4:41:02 PM | Attr = ]
angel.exe -> %SystemDrive%\Utopia\Angel\Angel.exe -> [Ver = | Size = 3504640 bytes | Modified Date = 6/28/2007 8:24:48 AM | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 5/2/2007 9:31:20 AM | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 5/2/2007 9:31:20 AM | Attr = ]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.474 | Size = 352768 bytes | Modified Date = 6/26/2007 11:53:06 AM | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/3/2007 9:48:38 AM | Attr = ]
belkinwcui.exe -> %ProgramFiles%\Belkin\F5D9010\Belkinwcui.exe -> Belkin [Ver = 1, 0, 0, 17 | Size = 1585152 bytes | Modified Date = 3/14/2006 4:52:24 PM | Attr = ]
daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.03.0.0 | Size = 133016 bytes | Modified Date = 12/10/2005 9:57:20 AM | Attr = ]
dlbkbmgr.exe -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 5/12/2003 3:02:26 PM | Attr = ]
dlbkbmon.exe -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmon.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 5/12/2003 3:02:26 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.0.6: 2006072814 | Size = 7183469 bytes | Modified Date = 8/3/2006 10:12:30 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 6/1/2007 4:51:22 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 257088 bytes | Modified Date = 6/1/2007 4:51:26 PM | Attr = ]
lexbces.exe -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 5/12/2003 3:02:32 PM | Attr = ]
lexpps.exe -> %System32%\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 5/12/2003 3:02:32 PM | Attr = ]
mirc.exe -> %ProgramFiles%\mason\mirc.exe -> mIRC Co. Ltd. [Ver = 6.21 | Size = 2076672 bytes | Modified Date = 11/23/2006 10:45:34 AM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 10/22/2005 6:05:46 PM | Attr = ]
sistray.exe -> %System32%\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3590 | Size = 335872 bytes | Modified Date = 5/12/2004 5:23:42 PM | Attr = ]
spkrmon.exe -> %ProgramFiles%\Analog Devices\SoundMAX\spkrmon.exe -> [Ver = 1, 0, 0, 4 | Size = 61440 bytes | Modified Date = 8/28/2003 4:01:22 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.453 | Size = 353280 bytes | Modified Date = 5/2/2007 9:31:20 AM | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/3/2007 9:48:38 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 6/1/2007 4:51:22 PM | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 5/12/2003 3:02:32 PM | Attr = ]
(spkrmon) spkrmon [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\spkrmon.exe -> [Ver = 1, 0, 0, 4 | Size = 61440 bytes | Modified Date = 8/28/2003 4:01:22 PM | Attr = ]
(TUWinStylerThemeSvc) TuneUp WinStyler Theme Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\TuneUp Utilities 2006\WinStylerThemeSvc.exe -> TuneUp Software GmbH [Ver = 1.0.0.174 | Size = 118272 bytes | Modified Date = 8/10/2005 11:17:28 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.36 2.1.36 11/19/2003 15:41:01 | Size = 88363 bytes | Modified Date = 11/19/2003 4:41:02 PM | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.460 | Size = 416256 bytes | Modified Date = 5/2/2007 9:31:20 AM | Attr = ]
AVG7_EMC -> %ProgramFiles%\Grisoft\AVG Free\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.474 | Size = 352768 bytes | Modified Date = 6/26/2007 11:53:06 AM | Attr = ]
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.03.0.0 | Size = 133016 bytes | Modified Date = 12/10/2005 9:57:20 AM | Attr = ]
Dell AIO Printer A920 -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 5/12/2003 3:02:26 PM | Attr = ]
F5D9010 -> %ProgramFiles%\Belkin\F5D9010\Belkinwcui.exe -> Belkin [Ver = 1, 0, 0, 17 | Size = 1585152 bytes | Modified Date = 3/14/2006 4:52:24 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 257088 bytes | Modified Date = 6/1/2007 4:51:26 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
smss -> -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 10/22/2005 6:05:46 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:04 AM | Attr = ]
smss -> -> File not found
Utopia Angel -> %SystemDrive%\Utopia\Angel\Angel.exe -> [Ver = | Size = 3504640 bytes | Modified Date = 6/28/2007 8:24:48 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,249 | Size = 4670968 bytes | Modified Date = 3/27/2007 3:22:56 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Utility Tray.lnk -> %System32%\sistray.exe -> Silicon Integrated Systems Corporation [Ver = 0.0.0.3590 | Size = 335872 bytes | Modified Date = 5/12/2004 5:23:42 PM | Attr = ]
< ICQ Agent [HKCU] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ ->
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> WIKI.DLL -> WIKI.DLL -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ˙˙˙˙ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.aol.com/puccini/start ->
HKCU: ProxyEnable -> 0 ->
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{13C1DBF6-7535-495c-91F6-8C13714ED485} -> %SystemDrive%\Documents and Settings\nick\Start Menu\Programs\Absolute
Poker\Absolute Poker.lnk [ButtonText: Absolute Poker] -> [Ver = | Size = 746 bytes | Modified Date = 1/26/2007 10:59:56 PM | Attr = ] {8A8A3162-B5FA-4c54-A862-4E62CBE8A255} -> %ProgramFiles%\crazyvegasMPP\MPPoker.exe [ButtonText: Crazy Poker] -> Microgaming [Ver = 2, 26, 0, 1 | Size = 49213 bytes | Modified Date = 2/21/2005 2:49:46 PM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 5:08:26 PM | Attr = ] < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1B2110B8-D6C8-4209-ABB9-DD75B62A833C} -> () -> {3F405295-4C95-464C-AAA0-83FA79D033D8} -> (Belkin Wireless G Plus MIMO Notebook Card) -> {A1B72F49-E50B-4219-B683-A9EFCCDCD422} -> (SiS 900-Based PCI Fast Ethernet Adapter) -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {00B71CFB-6864-4346-A978-C0A14556272C} -> Checkers Class - CodeBase = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab -> {14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -> {17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 -> {2917297F-F02B-4B9D-81DF-494B6333150B} -> Minesweeper Flags Class - CodeBase = http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab -> {3334504D-9980-0010-8000-00AA00389B71} -> - CodeBase = 
http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB -> {33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -> {5D6F45B3-9043-443D-A792-115447494D24} -> UnoCtrl Class - CodeBase = http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -> {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -> {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -> [Files/Folders - Created Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 6/17/2007 8:15:21 PM | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 7/2/2007 3:56:49 PM | Attr = ] $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Created Date = 6/14/2007 5:05:24 PM | Attr = H ] $NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Created Date = 6/14/2007 5:06:17 PM | Attr = H ] $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Created Date = 6/14/2007 5:01:03 PM | Attr = H ] $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Created Date = 6/14/2007 5:05:07 PM | Attr = H ] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87552 bytes | Created Date = 7/2/2007 3:52:46 PM | Attr = ] erdnt -> 
%SystemRoot%\erdnt -> [Folder | Created Date = 7/2/2007 3:57:39 PM | Attr = ] nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 1.85 | Size = 49152 bytes | Created Date = 7/2/2007 3:52:45 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 7/2/2007 4:06:02 PM | Attr = ] F5D9010.dll -> %System32%\F5D9010.dll -> [Ver = | Size = 40960 bytes | Created Date = 6/13/2007 1:17:50 PM | Attr = ] ss.dll -> %System32%\ss.dll -> WikiTek Inc. [Ver = 1.0 | Size = 36864 bytes | Created Date = 6/13/2007 1:17:50 PM | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 428032 bytes | Created Date = 7/2/2007 3:52:46 PM | Attr = ] swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 7/2/2007 3:52:45 PM | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 7/2/2007 3:52:45 PM | Attr = ] vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 7/2/2007 3:52:45 PM | Attr = ] AegisP.sys -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Created Date = 6/13/2007 1:17:57 PM | Attr = ] rt61.sys -> %System32%\drivers\rt61.sys -> Ralink Technology Inc. [Ver = 1.00.02.0000 | Size = 352768 bytes | Created Date = 6/13/2007 1:17:49 PM | Attr = ] ss.sys -> %System32%\drivers\ss.sys -> WikiTek Inc. 
[Ver = 1.1 | Size = 19968 bytes | Created Date = 6/13/2007 1:17:50 PM | Attr = ] [Files/Folders - Modified Within 30 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 7/2/2007 8:51:16 AM | Attr = RH ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 6/18/2007 7:39:28 AM | Attr = HS] Diablo II -> %SystemDrive%\Diablo II -> [Folder | Modified Date = 6/19/2007 7:18:04 PM | Attr = ] IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 1834 bytes | Modified Date = 6/21/2007 10:22:50 PM | Attr = H ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/2/2007 4:57:00 PM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 7/2/2007 4:56:50 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/2/2007 5:06:04 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/14/2007 10:57:52 AM | Attr = H ] $NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ -> [Folder | Modified Date = 6/14/2007 6:05:28 PM | Attr = H ] $NtUninstallKB933566$ -> %SystemRoot%\$NtUninstallKB933566$ -> [Folder | Modified Date = 6/14/2007 6:06:26 PM | Attr = H ] $NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ -> [Folder | Modified Date = 6/14/2007 6:01:06 PM | Attr = H ] $NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ -> [Folder | Modified Date = 6/14/2007 6:05:08 PM | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/2/2007 5:00:16 PM | Attr = S] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 87552 bytes | Modified Date = 6/5/2007 5:24:04 AM | Attr = ] dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 256 bytes | Modified Date = 6/20/2007 10:18:00 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 7/2/2007 4:57:40 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/4/2007 9:59:16 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 
bytes | Modified Date = 6/14/2007 6:05:42 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/14/2007 6:07:12 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/17/2007 9:32:34 PM | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 6/24/2007 9:14:40 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/2/2007 4:56:32 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/4/2007 9:59:18 PM | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 7/2/2007 4:57:00 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/2/2007 5:03:50 PM | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 7/2/2007 5:13:04 PM | Attr = ] Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7168 bytes | Modified Date = 6/21/2007 9:41:08 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable -> 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 388 bytes | Modified Date = 6/16/2007 1:53:12 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 7/1/2007 9:10:04 PM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 7/2/2007 5:03:50 PM | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/2/2007 5:00:24 PM | Attr = H ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 6/30/2007 12:50:32 PM | Attr = ] config -> %System32%\config -> [Folder | Modified Date = 7/2/2007 4:58:02 PM | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 6/14/2007 6:06:48 PM | Attr = RHS] drivers -> %System32%\drivers -> [Folder | Modified Date = 7/2/2007 5:04:52 PM | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 40394 bytes | 
Modified Date = 6/13/2007 2:28:14 PM | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 312172 bytes | Modified Date = 6/13/2007 2:28:14 PM | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356120 bytes | Modified Date = 6/13/2007 2:28:14 PM | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 7/2/2007 5:00:58 PM | Attr = ] AegisP.sys -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 6/13/2007 |